<?
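$title = 'Secure Program Area: Create New Account';
include("includes/functions.php");
include("includes/sajax/functionsSajax.php");
include("includes/sajax/sajax.php");

// Account-creation handler. Runs only when the form further down posts back
// with createAccount=1; otherwise the page just renders the empty form.
//
// NOTE(review): the password is stored and compared as submitted text (see the
// Password column in the queries below). Moving to password_hash() /
// password_verify() needs matching changes in the login code and in
// sendMailAccountInfo(), which are outside this file.
// NOTE(review): mysql_db_query() and the rest of the mysql_* API build SQL by
// string interpolation; a port to prepared statements (PDO or mysqli) would
// remove the dependence on per-value escaping.

// Start from a known state so these flags can only be set by the checks below.
// The page reads $PHP_SELF as a bare global, which suggests register_globals
// may be enabled -- confirm; if it is, request parameters could otherwise
// pre-seed $error and $message, and $message is printed as markup.
$error   = 0;
$message = '';

if (isset($_POST['createAccount']) && $_POST['createAccount'] == 1) {
	// NOTE(review): these values reach SQL only through fieldToDB(); its
	// escaping is not visible here -- confirm it is SQL-safe for the
	// connection character set.
	$nameFirst = fieldToDB($_POST['nameFirst']);
	$nameLast  = fieldToDB($_POST['nameLast']);
	$email     = fieldToDB($_POST['email']);
	$userid    = $email; // the email address doubles as the login name
	$password  = fieldToDB($_POST['password']);
	$passwordConfirm  = fieldToDB($_POST['passwordConfirm']);
	$programID = $_POST['programID'];
	$phone1    = fieldToDB($_POST['phone1']);
	$phone2    = fieldToDB($_POST['phone2']);
	$officeNo  = fieldToDB($_POST['officeNo']);
	$positionID= $_POST['positionID'];

	// programID and positionID are taken from the request without passing
	// through fieldToDB(), so escape them before they are placed in SQL.
	// The raw values are kept because the form template re-uses them to
	// re-select the submitted options.
	$programIDSql  = mysql_real_escape_string((string) $programID);
	$positionIDSql = mysql_real_escape_string((string) $positionID);

	// ***** ERROR CHECKING *****
	if (
		empty($nameFirst) ||
		empty($nameLast)  ||
		empty($email)     ||
		empty($userid)  ||
		empty($password)  ||
		empty($passwordConfirm)
		) {
		$error = 1;
		$message = 'You are missing some information.';
	}
	// Strict comparison: with != two different numeric-looking strings
	// (for example "0e1" and "0e2") compare as equal.
	if ($password !== $passwordConfirm) {
		$error = 1;
		$message = 'Your password was not confirmed.';
	}
	// Check for existing account
	$sql = "SELECT UID from casa_users 
			WHERE 
			Userid    = '$userid'     AND 
			Password  = '$password'    AND
			NameFirst = '$nameFirst' AND
			NameLast  = '$nameLast'  AND
			Email     = '$email'";
	$result = mysql_db_query($dbname,$sql);
	$numRows = mysql_num_rows($result);
	if (!empty($numRows)) {
		$error = 1;
		// $message is printed as HTML, so the address is encoded here.
		$message = "You already have an account on file. Your login information has been sent to <b>".htmlspecialchars($email, ENT_QUOTES)."</b>.";
		$row = mysql_fetch_assoc($result);
		$uID = $row['UID'];
		sendMailAccountInfo($email,$uID);
	} else {
		// Check for duplicate userid
		$sql = "SELECT UID from casa_users WHERE Userid = '$userid'";
		$result = mysql_db_query($dbname,$sql);
		$numRows = mysql_num_rows($result);
		if ($numRows>0) {
			$error = 1;
			// NOTE(review): this message tells an anonymous visitor whether
			// an address is registered; decide whether that is acceptable.
			$message = 'User Name <b>'.htmlspecialchars($userid, ENT_QUOTES).'</b> has been taken.  Please select another user name.';
		}
	}
	// ***** END ERROR CHECKING
	if ($error != 1) {
		// Are we updating an existing account or adding a new one
		$sql = "SELECT * from casa_users 
				WHERE 
				ProgramID = '$programIDSql' AND
				NameFirst = '$nameFirst' AND
				NameLast  = '$nameLast'  AND
				Email     = '$email'";
		$result = mysql_db_query($dbname,$sql);
		$numRows = mysql_num_rows($result);

		if ($numRows>0) {
			$row = mysql_fetch_assoc($result);
			$uID = $row['UID'];

			// We are updating an existing record.
			// NOTE(review): this assigns new credentials to a row matched
			// only on program, name and email, with no proof that the
			// requester controls that mailbox. Consider requiring an emailed
			// confirmation token before this UPDATE is applied.
			$sql = "UPDATE casa_users SET
					Userid   = '$userid',
					Password = '$password'
					WHERE 
					UID = '$uID'";
			$result = mysql_db_query($dbname,$sql);
		} else {
			// We are adding a new record
			$sql = "INSERT into casa_users (
					Userid,
					Password,
					ProgramID,
					NameFirst,
					NameLast,
					Email,
					Phone1,
					Phone2,
					OfficeNo,
					PositionID,
					AdminLevel					
					) values (
					'$userid',
					'$password',
					'$programIDSql',
					'$nameFirst',
					'$nameLast',
					'$email',
					'$phone1',
					'$phone2',
					'$officeNo',
					'$positionIDSql',
					'0'
					)";
			$result = mysql_db_query($dbname,$sql);

			$uID = mysql_insert_id();
		}

		if ($result) {
			// The visitor becomes an authenticated user here, so issue a
			// fresh session id if a session is active (session fixation).
			if (session_id() != '') {
				session_regenerate_id(true);
			}

			$_SESSION['UID']    = $uID;
			$_SESSION['userid'] = $userid;
			$_SESSION['name']   = $nameFirst.' '.$nameLast;
			$_SESSION['userLevel'] = 0;
			$_SESSION['logged'] = 1;

			sendMailAccountInfo($email,$uID,1);
			header("Location: accountHome.php?newAccount=1");
			// Stop here: without this the form page would still be rendered
			// and sent along with the redirect.
			exit;
		} else {
			// The write failed, so do not mark the session as logged in.
			$error = 1;
			$message = 'Your account could not be saved. Please try again.';
		}
	}
}
include("includes/header.php"); 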
?>	
<script type="text/javascript" language="javascript">
/**
 * Browser-side check of the account form before it is submitted.
 *
 * Shows an alert for the first required field that is empty (or for a
 * password that does not match its confirmation) and returns false so the
 * onSubmit handler cancels the post; returns true when every check passes.
 *
 * This is a convenience for the user only. A request can be sent without
 * running this script, so the server has to repeat every check it relies on.
 */
function checkForm() {
	var programOptions = $('programID').options;
	var chosenProgram = programOptions[programOptions.selectedIndex].value;
	if (chosenProgram == 'Select...' || chosenProgram == '') {
		alert('Please select a CASA program.');
		return false;
	}

	// Required text inputs, checked in the order they appear on the form.
	var requiredFields = [
		['nameFirst', 'Please enter your first name.'],
		['nameLast',  'Please enter your last name.'],
		['email',     'Please enter your email address.'],
		['password',  'Please enter a password.']
	];
	for (var i = 0; i < requiredFields.length; i++) {
		var fieldId = requiredFields[i][0];
		var prompt  = requiredFields[i][1];
		if ($(fieldId).value == '') {
			alert(prompt);
			return false;
		}
	}

	var confirmation = $('passwordConfirm').value;
	var confirmed = (confirmation != '') && ($('password').value == confirmation);
	if (!confirmed) {
		alert('Your password was not confirmed.');
		return false;
	}

	return true;
}
</script>
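<center>
<div class="bluBox" style="width: 600px; text-align: left;">
	
	<?
	// Account form template.
	// $message is printed as markup (it carries <b> tags), so any
	// user-supplied value placed in it must be HTML-encoded where the
	// message is built.
	// The submitted values echoed back into the inputs below are encoded
	// with htmlspecialchars() for the attribute context, so a quote or angle
	// bracket in a field cannot break out of value="...".
	// NOTE(review): if fieldToDB() already HTML-encodes its input this will
	// double-encode -- confirm what that helper does.
	if (!empty($error)) {
		echo "<div id=\"pageInstructions\" style=\"padding: 3px; width: 100%; background: #ffffcc;\"><b>Alert!</b> $message</div>\n";
	}
	?>
	<form action="<?=htmlspecialchars($PHP_SELF, ENT_QUOTES); ?>" method="POST" name="loginForm" onSubmit="return checkForm();">
	<input type="hidden" name="createAccount" value="1" />
	<table>
	<tr>
		<td style="width: 180px;"></td>
		<td><img src="images/iconRequired.gif" /> Required information</td>
	</tr>
	<tr>
		<td style="text-align: right;"><label class="required">CASA Program</label></td>
		<td>
			<select id="programID" name="programID" size="1" style="width: 300px;">
			<option>Select...</option>
			<option></option>
			<? echo getPrograms('select',$programID); ?>
			</select>
		</td>
	</tr>
	<tr>
		<td style="text-align: right;"><label class="required">Name (First, Last)</label></td>
		<td>
			<input type="text" name="nameFirst" id="nameFirst" style="width: 148px;" value="<?=htmlspecialchars($nameFirst, ENT_QUOTES); ?>" />
			<input type="text" name="nameLast" id="nameLast" style="width: 147px;" value="<?=htmlspecialchars($nameLast, ENT_QUOTES); ?>" />
		</td>
	</tr>
	<tr>
		<td style="text-align: right;"><label class="required">Email Address</label></td>
		<td><input type="text" name="email" id="email" style="width: 300px;" value="<?=htmlspecialchars($email, ENT_QUOTES); ?>" /></td>
	</tr>
	<tr>
		<td style="text-align: right;"><label>Phone, Office</label></td>
		<td><input type="text" name="phone1" id="phone1" style="width: 300px;" value="<?=htmlspecialchars($phone1, ENT_QUOTES); ?>" /></td>
	</tr>
	<tr>
		<td style="text-align: right;"><label>Phone, Mobile</label></td>
		<td><input type="text" name="phone2" id="phone2" style="width: 300px;" value="<?=htmlspecialchars($phone2, ENT_QUOTES); ?>" /></td>
	</tr>
	<tr>
		<td style="text-align: right;"><label>Office Number</label></td>
		<td><input type="text" name="officeNo" id="officeNo" style="width: 300px;" value="<?=htmlspecialchars($officeNo, ENT_QUOTES); ?>" /></td>
	</tr>
	<tr>
		<td style="text-align: right;"><label>Position</label></td>
		<td><select id="positionID" name="positionID" size="1" style="width: 300px;">
			<option>Position...</option>
			<option></option>
			<? 
			// NOTE(review): getPrograms() and getCategories() return ready-made
			// <option> markup; confirm they encode the labels and the selected
			// value they are given.
			$positions = getCategories('select','P',$positionID);
			echo $positions;
			?>
			</select>
		</td>
	</tr>
	<tr>
		<td style="height: 15px;"></td>
		<td></td>
	</tr>
	<tr>
		<td style="text-align: right;"><label class="required">Password</label></td>
		<td><input type="password" id="password" name="password" style="width: 300px;" /></td>
	</tr>
	<tr>
		<td style="text-align: right;"><label class="required">Confirm Password</label></td>
		<td><input type="password" id="passwordConfirm" name="passwordConfirm" style="width: 300px;" /></td>
	</tr>
	<tr>
		<td></td>
		<td>
			<input type="submit" value="Create Your Account" style="margin-right: 20px;" />
			<a href="login.php"><b>Cancel!</b></a>
		</td>
	</tr>
	</table>
	</form>
</div>
</center>
<br />
<? include("includes/footer.php"); ?>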